Alex Goodman
_This idea came from @samj1912 in a recent community meeting as well as a previous prototype._ Today we've started adding the ability to encode and decode from any SBOM format....
Derived from https://github.com/anchore/grype/issues/525, syft errors out on analysis when an RPMDB cannot be parsed: ``` ✔ Vulnerability DB [no update available] New version of grype is available: 0.27.0 ✔...
Today we have a release process that is relatively simple: push a tag, a team member needs to approve, the pipeline runs, and there is a draft release ready for...
**What would you like to be added**: The ability to read entire file contents (or just the top X bytes of the file) and classify the contents as a particular...
**What would you like to be added**: The ability to identify SPDX license identifiers from individual files, such as: ```golang /* SPDX-License-Identifier: GPL-3.0-or-later */ package main import "fmt" func main()...
**What would you like to be added**: The ability to list the specific shared lib dependencies for a binary. For example: ``` $ readelf -d ./partx Dynamic section at offset...
Cataloger objects are the foundation to how syft understands how to parse sources, discover files, and reveal packages. We should add explicit documentation in a `DEVELOPING.md` guide on the high...
Add the following user scope selections: - Hidden Scope: `all layers - squashed` - User Scope: `all layers - base layer` - User Squashed Scope: `squashed - base layer` -...
Today the package catalogers expose some file information from the cataloging source, not directly about the file on disk (e.g. indirect file metadata from the RPM DB, not metadata gotten...
**What would you like to be added**: Be able to specify multiple targets where one or more SBOMs are created. Take the following examples for illustrative purposes: ```yaml #...